--
-- Find information about shares of the IFS root ('/')
-- 
select ENTRY_TIMESTAMP, AUDIT_USER_NAME, SHARE_NAME, SHARE_ACTION, QUALIFIED_JOB_NAME, PATH_NAME
  from table (
      SYSTOOLS.AUDIT_JOURNAL_VP()
    )
    where PATH_NAME like '/'
    order by entry_timestamp desc;

--
-- Find file shares that were added to the system in the last month
--
select ENTRY_TIMESTAMP, AUDIT_USER_NAME, SHARE_NAME, QUALIFIED_JOB_NAME, PATH_NAME
  from table (
      SYSTOOLS.AUDIT_JOURNAL_VP(STARTING_TIMESTAMP => current timestamp - 30 days)
    )
    where ENTRY_TYPE like 'S' and SHARE_TYPE like 'FILE' and SHARE_ACTION like 'ADD'
    order by entry_timestamp desc;


--
-- Find file shares that were removed from the system in the last month
--
select ENTRY_TIMESTAMP, AUDIT_USER_NAME, SHARE_NAME, QUALIFIED_JOB_NAME, PATH_NAME
  from table (
      SYSTOOLS.AUDIT_JOURNAL_VP(STARTING_TIMESTAMP => current timestamp - 30 days)
    )
    where ENTRY_TYPE like 'S' and SHARE_TYPE like 'FILE' and SHARE_ACTION like 'REMOVE'
    order by entry_timestamp desc;
   

--
-- Find unknown or guest user attempts to connect to the system in the last day
--     
select ENTRY_TIMESTAMP, AUDIT_USER_NAME, COMPUTER_NAME
  from table (
      SYSTOOLS.AUDIT_JOURNAL_VP(STARTING_TIMESTAMP => current timestamp - 24 hours)
    )
    where ENTRY_TYPE like 'U'
    order by entry_timestamp desc;

--
-- Find password violations on NetServer connection attempts in the last day
--     
select ENTRY_TIMESTAMP, AUDIT_USER_NAME, COMPUTER_NAME
  from table (
      SYSTOOLS.AUDIT_JOURNAL_VP(STARTING_TIMESTAMP => current timestamp - 24 hours)
    )
    where ENTRY_TYPE like 'P'
    order by entry_timestamp desc;    
    
    
--
-- Find NetServer user profiles disabled in the last day
--     
select ENTRY_TIMESTAMP, AUDIT_USER_NAME, COMPUTER_NAME
  from table (
      SYSTOOLS.AUDIT_JOURNAL_VP(STARTING_TIMESTAMP => current timestamp - 24 hours)
    )
    where ENTRY_TYPE like 'D'
    order by entry_timestamp desc;     
    
--
-- Find NetServer access blocked by AUTL restrictions in the last 7 days
--
select ENTRY_TIMESTAMP, AUDIT_USER_NAME, COMPUTER_NAME, SHARE_NAME, SHARE_AUTHORIZATION_LIST
  from table (
      SYSTOOLS.AUDIT_JOURNAL_VP(STARTING_TIMESTAMP => current timestamp - 7 days)
    )
    where ENTRY_TYPE like 'A'
    order by entry_timestamp desc;
    
--
-- Find NetServer client activity in the last hour
--
select ENTRY_TIMESTAMP, AUDIT_USER_NAME, COMPUTER_NAME, ENTRY_TYPE_DETAIL, SHARE_NAME, 
       SHARE_TYPE, CORRELATION_ID, ENCRYPTION_REQUIRED, PERMISSIONS
  from table (
      SYSTOOLS.AUDIT_JOURNAL_VP(STARTING_TIMESTAMP => current timestamp - 1 hour)
    )
    where ENTRY_TYPE like 'C' OR ENTRY_TYPE like 'E'
    order by entry_timestamp asc;